{"title":"增强Monkey触发Android恶意软件中的恶意载荷","authors":"Hayyan Hasan, B. T. Ladani, B. Zamani","doi":"10.1109/ISCISC51277.2020.9261909","DOIUrl":null,"url":null,"abstract":"Dynamic analysis is a prominent approach in analyzing the behavior of Android apps. To perform dynamic analysis, we need an event generator to execute the app. Monkey is the most popular event generator that is used in Android dynamic analysis. Monkey provides high code coverage, and yet high speed in generating events. However, in the case of malware analysis, Monkey suffers from several limitations. It only considers UI events but no system events. Moreover, it causes disconnecting the connectivity of the test environment during the analysis process. In this paper, we try to enhance Monkey to reduce its limitations while preserving its advantages. The proposed approach includes preparing Monkey with a facility for handling system events and keeping the connectivity of the test environment up during the analysis process. To evaluate the extended version of Monkey, we compare it with its original version regarding two important criteria in the case of malware analysis: the number of called sensitive APIs, and the code coverage. The evaluation process uses 100 randomly selected samples from AMD malware dataset. The results show that enhanced Monkey improves its ability to trigger sensitive APIs, and increases its code coverage.","PeriodicalId":206256,"journal":{"name":"2020 17th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Enhancing Monkey to trigger malicious payloads in Android malware\",\"authors\":\"Hayyan Hasan, B. T. Ladani, B. Zamani\",\"doi\":\"10.1109/ISCISC51277.2020.9261909\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Dynamic analysis is a prominent approach in analyzing the behavior of Android apps. To perform dynamic analysis, we need an event generator to execute the app. Monkey is the most popular event generator that is used in Android dynamic analysis. Monkey provides high code coverage, and yet high speed in generating events. However, in the case of malware analysis, Monkey suffers from several limitations. It only considers UI events but no system events. Moreover, it causes disconnecting the connectivity of the test environment during the analysis process. In this paper, we try to enhance Monkey to reduce its limitations while preserving its advantages. The proposed approach includes preparing Monkey with a facility for handling system events and keeping the connectivity of the test environment up during the analysis process. To evaluate the extended version of Monkey, we compare it with its original version regarding two important criteria in the case of malware analysis: the number of called sensitive APIs, and the code coverage. The evaluation process uses 100 randomly selected samples from AMD malware dataset. The results show that enhanced Monkey improves its ability to trigger sensitive APIs, and increases its code coverage.\",\"PeriodicalId\":206256,\"journal\":{\"name\":\"2020 17th International ISC Conference on Information Security and Cryptology (ISCISC)\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-09-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 17th International ISC Conference on Information Security and Cryptology (ISCISC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCISC51277.2020.9261909\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 17th International ISC Conference on Information Security and Cryptology (ISCISC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCISC51277.2020.9261909","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Enhancing Monkey to trigger malicious payloads in Android malware
Dynamic analysis is a prominent approach in analyzing the behavior of Android apps. To perform dynamic analysis, we need an event generator to execute the app. Monkey is the most popular event generator that is used in Android dynamic analysis. Monkey provides high code coverage, and yet high speed in generating events. However, in the case of malware analysis, Monkey suffers from several limitations. It only considers UI events but no system events. Moreover, it causes disconnecting the connectivity of the test environment during the analysis process. In this paper, we try to enhance Monkey to reduce its limitations while preserving its advantages. The proposed approach includes preparing Monkey with a facility for handling system events and keeping the connectivity of the test environment up during the analysis process. To evaluate the extended version of Monkey, we compare it with its original version regarding two important criteria in the case of malware analysis: the number of called sensitive APIs, and the code coverage. The evaluation process uses 100 randomly selected samples from AMD malware dataset. The results show that enhanced Monkey improves its ability to trigger sensitive APIs, and increases its code coverage.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
